James Showalter paints a chilling, if unlikely, scenario: someone drives up to your home, cracks your Wi-Fi password, and hijacks the grey box mounted by your garage that powers your solar setup. This “solar stalker” would need the skill and motivation to hack your inverter, turning a household energy device into a potential cybersecurity threat.
Showalter, CEO of EG4 Electronics in Sulphur Springs, Texas, insists it’s improbable, yet his company landed in the spotlight when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of critical flaws in EG4’s inverters. According to CISA, attackers with network access and an inverter’s serial number could intercept data, install rogue firmware, or seize control of the system.
For the 55,000 owners of the affected model, the revelations were unsettling. Once little-known components, inverters have evolved into the brains of home solar systems, tracking performance, connecting to utilities, and even sending surplus power back to the grid.
The issue comes amid a solar boom. U.S. small-scale solar installations have grown fivefold since 2014, turning homes into miniature power plants. But each new system adds to a vast web of connected devices, prime targets for bad actors.
CISA’s advisory detailed unencrypted communications, firmware without integrity checks, and weak authentication. Some customers vented online, upset that EG4 failed to notify them directly. Showalter admitted missteps but called the flaws “an industry-wide problem,” noting that dozens of solar vulnerabilities have surfaced across brands in recent years.
Compounding the concern, reports from earlier this year revealed that U.S. officials found unexplained communication devices inside some inverters and batteries from Chinese manufacturers. With China dominating solar equipment production, the discoveries have fueled geopolitical tensions.
While experts stress that large-scale grid attacks would be difficult to pull off, the growing number of residential inverters poses a broader risk: as the energy grid decentralizes, its attack surface expands. Unlike large solar farms, home systems operate in a regulatory gray zone with few enforced cybersecurity rules.
EG4 says it is now tightening security, updating firmware, and moving away from Chinese suppliers. For some customers, though, the incident has turned their clean-energy investment into a crash course in the complex, and sometimes unnerving, intersection of climate tech and cybersecurity.